>Try disabling KeySign and set it to no in the config files and restart SSHD. Try it again.

Seems to be solved. Thanks Sharad. It is now bidirectional.

// Naderan *Mahmood;

----- Original Message -----
From: Sharad <sharad2011@xxxxxxxxx>
To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
Cc:
Sent: Friday, April 29, 2011 9:41 PM
Subject: Re: problem with HostbasedAuthentication

Hello Mahmood,

Try disabling KeySign and set it to no in the config files and restart SSHD. Try it again.

Regards,
Sharad

--- On Fri, 29/4/11, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:

> From: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> Subject: Re: problem with HostbasedAuthentication
> To: "Sharad" <sharad2011@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Date: Friday, 29 April, 2011, 5:31 PM
> On the client:
>
> mahmood@client:~$ sudo service ssh stop
> [sudo] password for mahmood:
> ssh stop/waiting
>
> mahmood@client:~$ sudo /usr/sbin/sshd -ddd
> debug2: load_server_config: filename /etc/ssh/sshd_config
> debug2: load_server_config: done config len = 649
> debug2: parse_server_config: config /etc/ssh/sshd_config len 649
> debug3: /etc/ssh/sshd_config:5 setting Port 22
> debug3: /etc/ssh/sshd_config:9 setting Protocol 2
> debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
> debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
> debug3: /etc/ssh/sshd_config:14 setting UsePrivilegeSeparation yes
> debug3: /etc/ssh/sshd_config:17 setting KeyRegenerationInterval 3600
> debug3: /etc/ssh/sshd_config:18 setting ServerKeyBits 768
> debug3: /etc/ssh/sshd_config:21 setting SyslogFacility AUTH
> debug3: /etc/ssh/sshd_config:22 setting LogLevel INFO
> debug3: /etc/ssh/sshd_config:25 setting LoginGraceTime 120
> debug3: /etc/ssh/sshd_config:26 setting PermitRootLogin yes
> debug3: /etc/ssh/sshd_config:27 setting StrictModes yes
> debug3: /etc/ssh/sshd_config:29 setting RSAAuthentication yes
> debug3: /etc/ssh/sshd_config:30 setting PubkeyAuthentication yes
> debug3: /etc/ssh/sshd_config:34 setting IgnoreRhosts no
> debug3: /etc/ssh/sshd_config:36 setting RhostsRSAAuthentication no
> debug3: /etc/ssh/sshd_config:38 setting HostbasedAuthentication yes
> debug3: /etc/ssh/sshd_config:43 setting PermitEmptyPasswords no
> debug3: /etc/ssh/sshd_config:47 setting ChallengeResponseAuthentication no
> debug3: /etc/ssh/sshd_config:62 setting X11Forwarding yes
> debug3: /etc/ssh/sshd_config:63 setting X11DisplayOffset 10
> debug3: /etc/ssh/sshd_config:64 setting PrintMotd no
> debug3: /etc/ssh/sshd_config:65 setting PrintLastLog yes
> debug3: /etc/ssh/sshd_config:66 setting TCPKeepAlive yes
> debug3: /etc/ssh/sshd_config:73 setting AcceptEnv LANG LC_*
> debug3: /etc/ssh/sshd_config:75 setting Subsystem sftp /usr/lib/openssh/sftp-server
> debug3: /etc/ssh/sshd_config:86 setting UsePAM yes
> debug1: sshd version OpenSSH_5.3p1 Debian-3ubuntu6
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: private host key: #0 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
> debug1: private host key: #1 type 2 DSA
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-ddd'
> debug2: fd 3 setting O_NONBLOCK
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> debug2: fd 4 setting O_NONBLOCK
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
>
> While it is listening, in another shell I ran
>
> mahmood@server:~$ ssh -vvv 192.168.1.3
>
> Then in the first terminal (which -ddd is on) I see
> debug3: fd 5 is not O_NONBLOCK
> debug1: Server will not fork when running in debugging mode.
> debug3: send_rexec_state: entering fd = 8 config len 649
> debug3: ssh_msg_send: type 0
> debug3: send_rexec_state: done
> debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
> debug1: inetd sockets after dupping: 3, 3
> Connection from 192.168.1.1 port 42036
> debug1: Client protocol version 2.0; client software version OpenSSH_5.3p1 Debian-3ubuntu4
> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
> debug2: fd 3 setting O_NONBLOCK
> debug2: Network child is on pid 2829
> debug3: preauth child monitor started
> debug3: mm_request_receive entering
> debug3: privsep user:group 103:65534
> debug1: permanently_set_uid: 103/65534
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug3: Wrote 784 bytes for a total of 823
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug3: mm_request_send entering: type 0
> debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
> debug3: mm_request_receive_expect entering: type 1
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 0
> debug3: mm_answer_moduli: got parameters: 1024 1024 8192
> debug3: mm_request_send entering: type 1
> debug2: monitor_read: 0 used once, disabling now
> debug3: mm_request_receive entering
> debug3: mm_choose_dh: remaining 0
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug3: Wrote 152 bytes for a total of 975
> debug2: dh_gen_key: priv key bits set: 129/256
> debug2: bits set: 504/1024
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug2: bits set: 551/1024
> debug3: mm_key_sign entering
> debug3: mm_request_send entering: type 5
> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
> debug3: mm_request_receive_expect entering: type 6
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 5
> debug3: mm_answer_sign
> debug3: mm_answer_sign: signature 0x7f0bb6bdfbf0(271)
> debug3: mm_request_send entering: type 6
> debug2: monitor_read: 5 used once, disabling now
> debug3: mm_request_receive entering
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug3: Wrote 720 bytes for a total of 1695
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug3: Wrote 48 bytes for a total of 1743
> debug1: userauth-request for user mahmood service ssh-connection method none
> debug1: attempt 0 failures 0
> debug3: mm_getpwnamallow entering
> debug3: mm_request_send entering: type 7
> debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
> debug3: mm_request_receive_expect entering: type 8
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 7
> debug3: mm_answer_pwnamallow
> debug3: Trying to reverse map address 192.168.1.1.
> debug2: parse_server_config: config reprocess config len 649
> debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
> debug3: mm_request_send entering: type 8
> debug2: monitor_read: 7 used once, disabling now
> debug3: mm_request_receive entering
> debug2: input_userauth_request: setting up authctxt for mahmood
> debug3: mm_start_pam entering
> debug3: mm_request_send entering: type 50
> debug3: mm_inform_authserv entering
> debug3: monitor_read: checking request 50
> debug3: mm_request_send entering: type 3
> debug1: PAM: initializing for "mahmood"
> debug2: input_userauth_request: try method none
> debug3: mm_auth_password entering
> debug3: mm_request_send entering: type 11
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
> debug3: mm_request_receive_expect entering: type 12
> debug3: mm_request_receive entering
> debug1: PAM: setting PAM_RHOST to "server"
> debug1: PAM: setting PAM_TTY to "ssh"
> debug2: monitor_read: 50 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 3
> debug3: mm_answer_authserv: service=ssh-connection, style=, role=
> debug2: monitor_read: 3 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 11
> debug3: mm_answer_authpassword: sending result 0
> debug3: mm_request_send entering: type 12
> Failed none for mahmood from 192.168.1.1 port 42036 ssh2
> debug3: mm_request_receive entering
> debug3: mm_auth_password: user not authenticated
> debug3: Wrote 64 bytes for a total of 1807
>
> and in the second shell that I used -vvv, I see
>
> OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
> debug1: Connection established.
> debug1: identity file /home/mahmood/.ssh/identity type -1
> debug1: identity file /home/mahmood/.ssh/id_rsa type -1
> debug1: identity file /home/mahmood/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu6
> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu6 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug3: Wrote 792 bytes for a total of 831
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug2: mac_setup: found hmac-md5
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug3: Wrote 24 bytes for a total of 855
> debug2: dh_gen_key: priv key bits set: 131/256
> debug2: bits set: 551/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: Wrote 144 bytes for a total of 999
> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug1: Host '192.168.1.3' is known and matches the RSA host key.
> debug1: Found key in /home/mahmood/.ssh/known_hosts:1
> debug2: bits set: 504/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug3: Wrote 16 bytes for a total of 1015
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug3: Wrote 48 bytes for a total of 1063
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/mahmood/.ssh/identity ((nil))
> debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
> debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
> debug3: Wrote 64 bytes for a total of 1127
> debug1: Authentications that can continue: publickey,password,hostbased
> debug3: start over, passed a different list publickey,password,hostbased
> debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
> debug3: authmethod_lookup hostbased
> debug3: remaining preferred: publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled hostbased
> debug1: Next authentication method: hostbased
> get_socket_address: getnameinfo 8 failed: Name or service not known
> debug2: userauth_hostbased: chost server.
> debug2: ssh_keysign called
> debug3: ssh_msg_send: type 2
> debug3: ssh_msg_recv entering
> debug1: permanently_drop_suid: 1000
> get_socket_address: getnameinfo 8 failed: Name or service not known
> cannot get sockname for fd
> ssh_keysign: no reply
> key_sign failed
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/mahmood/.ssh/identity
> debug3: no such identity: /home/mahmood/.ssh/identity
> debug1: Trying private key: /home/mahmood/.ssh/id_rsa
> debug3: no such identity: /home/mahmood/.ssh/id_rsa
> debug1: Trying private key: /home/mahmood/.ssh/id_dsa
> debug3: no such identity: /home/mahmood/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> mahmood@xxxxxxxxxxx's password:
>
> Hope that is the correct information you need.
> Thanks.
>
> // Naderan *Mahmood;
>
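
An added example, not part of the original thread: a small triage script that reads an `ssh -vvv` client trace like the one quoted above and reports, per authentication method, whether the client actually sent a request and which diagnostic lines explain a skip. The names `triage`, `REASONS` and the reason wording are assumptions made for this illustration; the sample lines are condensed from the quoted trace.

```python
import re

# Constructed sample: client-side lines condensed from the `ssh -vvv` trace quoted above.
SAMPLE = """\
debug1: Authentications that can continue: publickey,password,hostbased
debug1: Next authentication method: hostbased
get_socket_address: getnameinfo 8 failed: Name or service not known
debug2: userauth_hostbased: chost server.
debug2: ssh_keysign called
cannot get sockname for fd
ssh_keysign: no reply
key_sign failed
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
"""

NEXT = re.compile(r"Next authentication method: (\S+)")
# Diagnostic lines seen in the trace, mapped to a short reason (wording is this example's own).
REASONS = [
    (re.compile(r"getnameinfo \d+ failed: (.+)"), "name lookup failed: {0}"),
    (re.compile(r"cannot get sockname for fd"), "local socket name could not be determined"),
    (re.compile(r"ssh_keysign: no reply"), "ssh-keysign helper returned no signature"),
    (re.compile(r"no such identity: (\S+)"), "missing key file {0}"),
]
SKIPPED = "we did not send a packet, disable method"

def triage(log):
    """Return [(method, sent_request, [reasons])] in the order the client tried them."""
    attempts, current = [], None
    for line in log.splitlines():
        line = re.sub(r"^(?:>\s*)+", "", line.strip())  # tolerate mail quoting
        m = NEXT.search(line)
        if m:
            current = {"method": m.group(1), "sent": True, "why": []}
            attempts.append(current)
            continue
        if current is None:
            continue  # key exchange and other lines before the first method
        if SKIPPED in line:
            current["sent"] = False  # client gave up before sending a userauth request
        for pat, msg in REASONS:
            r = pat.search(line)
            if r:
                current["why"].append(msg.format(*r.groups()))
    return [(a["method"], a["sent"], a["why"]) for a in attempts]

if __name__ == "__main__":
    for method, sent, why in triage(SAMPLE):
        print(f"{method:10} {'attempted' if sent else 'skipped':9} {'; '.join(why)}")
```

On the sample, hostbased and publickey are both reported as skipped on the client side, which is why the server-side `sshd -ddd` output in the thread only ever shows the `none` method failing.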